Predictive DNS

August 15, 2019

Contributed by:
T

Overview

Predictive DNS is a machine-learning-based authoritative DNS platform that manages your zones and makes routing decisions based on real-time service availability. It is highly available, with multiple anycast networks, that provide flexible and reliable routing rules. It is an enterprise offering for sophisticated DNS customers who value the quality of their DNS decision making process. It is for customers who require to run a data-driven, intelligent, global traffic management policy on a robust, and high-performance infrastructure.

Predictive DNS supports primary and secondary zone creation. Zone import is also supported with the most commonly used record types such as A (IPV4 version), AAAA (IPV6 version), NS, SOA, CNAME, MX, PTR, SRV, SPF, and TXT. We also support Openmix customers with seamless integration through Openmix App records. Any number of A/AAAA/CNAME records in a zone can be made fully Openmix-intelligent at any point. Customers are also able to run Predictive DNS in a dual primary environment using our API to drive configuration.

Added real-time data awareness of global Internet traffic, endpoint health, infrastructure status, third party vendor status, and so on

Simple to provision or modify traffic management.

Deep analytics and reporting on request activity.

Steps to Set up and Delegate a Zone

Before you sign-in to the Intelligent Traffic Management Portal, here are a few high level steps to help you understand how to set up and delegate a zone.

Step 1: Define and create your zone

To begin, create a zone with the same name as your company’s domain name.A zone represents a single parent domain with a collection of records within it. It provides information on how you want to route traffic for your domain and its sub domains. If you have a zone file from your current DNS provider, import it. With an imported zone file, you can quickly create all of the records for your zone.

Step 2: Add and test your records

You can either manually create records on the Predictive DNS console in the Intelligent Traffic Management Portal, or you can import a zone file with all its records. When you import a zone file, Predictive DNS replicates your original zone definition migrating all existing records within it.

You can also create zones and records programmatically by using the Predictive DNS API. The API can be found in the portal under My Accounts > API > Configuration > authdns.

Openmix customers can map an existing Openmix application to a CNAME or A/AAAA record through the Openmix App record type. Any number of A/AAAA/CNAME records in a zone can be made fully Openmix-intelligent at any point.

To test the records in your zone, you can use a tool called dig that queries DNS servers directly.Run dig with your zone name as the parameter.For example:

dig @ns1.ourdomain.net NS mydomain.com

dig @ns1.ourdomain.net A host.mydomain.com

The @ns1.ourdomain.net tells dig to make a request of the Intelligent Traffic Management DNS infrastructure, and the record type (NS or A) indicates which record to ask for. The NS command would ask for the NS records for the mydomain.com zone, and the second command @ns1.ourdomain.net A host.mydomain.com would be an A record for the host in the mydomain.com zone.

To assign us as the Authoritative DNS to manage your domain name, update the name servers that are responsible for responding to your DNS queries to our name servers. The new Citrix name servers will then respond authoritatively for your company.

Step 5: Validate the traffic flow appropriately

Initially you see traffic running between both systems (your previous DNS service and Citrix Predictive DNS), depending on the length of the TTL in the previous system. It can take a while for the traffic to fully migrate. If you experience any errors during migration, go back to the name servers provided by your previous DNS service, and then determine what went wrong. If you see traffic flowing as expected, you have successfully migrated to Citrix Predictive DNS. The default TTL here is 3600 seconds. You may want to lower the TTL initially until you make sure the migration is successful. Once you’re satisfied with the traffic flow, you can increase the TTL to a longer duration as applicable.

Navigation

To navigate to the Predictive DNS console, do the following:

Sign in to the Citrix Intelligent Traffic Management Portal.

From the left navigation menu, choose Predictive DNS > Configuration.

This takes you to the Add Zone page where you can get started by creating your zone.

Primary and Secondary Zones

A zone represents a single parent domain with a collection of records within it.
You can set up your zone in Predictive DNS as either the primary or the secondary. Primary and Secondary DNS is a way to create redundancy in the DNS. Primary is sometimes called master while the secondary is called the slave. This is because the primary has the master copy of the zone data while the secondary just clones that data through zone transfers at regular intervals or when prompted by the primary.

This process is also often called zone transfer or AXFR transfer. If your setup your primary zone with zone transfers enabled, then all changes made to the zone propagates out to all of your secondary servers automatically. Every IP that is entered as a secondary server receives this update. Similarly, you can set up a secondary zone as well.

When you create a zone, a name server (NS) record and a start of authority (SOA) record are automatically created for the zone. You can use the Predictive DNS UI to add, edit, duplicate, or delete zones.

Note: These operations (edit, duplicate, or delete) affect the entire zone, including all responses for any record within the zone. They must be done with extreme caution.

Add Zone

To add or create a zone:

If this is your first time, the start-up screen shows up where you can click Add Zone to get started.

This takes you to the Add Zone dialog box where you can create a zone for your domain.

If this is not your first time, you see a list of existing zones (domain names) created for the domains in your company and number of records associated with each of them.

Click the add icon on the top right of the page to start creating a zone.

The Add Zone dialog box opens.

Enter your domain name as the Zone Name. For example www.mydomain.com. The zone name must be globally unique, which means that you cannot create a zone name that exists, or even partially overlaps with an existing zone name. However, if there is a valid scenario where you need to create a zone name that may overlap with an existing one, or if you are unable to create a zone for a domain you own, contact support.

Select the DNS Type as Primary or Secondary.

Click the Zone Transfer Enabled check box to enable zone transfer, and enter information for the Primary or Secondary server. Refer to Server Information for details.

Server Information

IP Address

Port

Enter the port number associated with the server. This is an optional field. It is configurable only for secondary servers. If left empty, it defaults to 53.

Notifications

Enable notifications by checking the Notifications check box if you want your primary DNS to notify the secondary when updates occur. If the box is unchecked then updates from the primary are sent to the secondary on regular 60 minute time intervals.

Add Server

The Add Server button allows you to configure multiple servers for zone transfers.

TSIG Key

You can select a TSIG key from the list. This list contains keys that you create and manage in the TSIG Keys section. This is an optional field for increased security. Refer to TSIG Keys for more information.

Description

Add a short description or comment regarding the zone you are about to create. This is an optional field, entirely for your own requirement. It does not affect the actual DNS responses in any manner.

Tags

Tags allow you to sort and filter your zones in a list. This is also an optional field.

Import Zone

If you have a zone import file that has the configuration for your zone, it can be imported here. To import a zone file, first create a zone with the same name as the file you are importing. The following are the requirements for import:

The name of the zone in the zone file must match the name of the zone you are creating.

The zone file uses a standard BIND format for records.

The imported file must have an RFC-defined zone file format.

You can import a maximum of 5000 records. If you need to import more than the 5000 records, contact support.

The setup of DNSSEC requires some manual steps using the Citrix ITM portal and your domain registrar’s website.

As a customer of Citrix ITM authoritative DNS, you can enable DNSSEC using the following steps.

Step 1

Enable DNSSEC in the Citrix ITM Portal

Login to Citrix Cloud > Intelligent Traffic Management.

From the left navigation menu, navigate to Predictive DNS > Configuration.

New DNS zones: If you don’t already have your domain listed on the Zones page, click the Add Zone button on the page to create a zone. Otherwise, skip to sub-step 6 (Existing DNS customer).

In the Add Zone dialog box, select the toggle button for DNSSEC to enable it.

Click your domain name in the Zones page. You see the DS record information under Zone Settings. Now skip to substep 11.

Existing DNS customer: If you are an existing Predictive DNS customer and see your domain listed on the Zones page, click your zone name, to select it.

Click Edit for Zone Settings.

Select the toggle button for DNSSEC to enable it.Note: To complete the configuration and secure your records, you must add the DS record at your domain’s registrar as shown in Step 2.

Once you enable this feature, the Enable DNS confirmation dialog box opens.

Click Confirm. And then click Save.

Check Zone Settings to see the following DS Record information displayed -

Digest: The string value generated by the digest algorithm.

DNSKEY Algorithm: The algorithm used by the signing key.

Note: The algorithm we currently support is Algorithm 13, ECDSA Curve P-256 with SHA-256: ECDSAP256SHA256.

Digest Type: The algorithm used to generate the digest.

Key Tag: Integer value used to identify the signing key.

Expiration: Expiration date of the signing key.

Signing: Indicates whether the specific key is being used for signing. If Inactive, the key is not being used for signing.

Note: Multiple Signing Keys can be created, with up to 10 keys at once, and more than one key can be activated for signing. However, if you have multiple signing keys actively being used for signing, then your response may become too large to fit in a UDP packet.

Step 2

Add the DS record at your Domain’s Registrar

Share the DNSSEC information with your registrar by copying the DS record information and pasting it in the portal of your domain’s registrar.

Depending on the format required by your domain registrar, you can copy the DS record information in the DS record format by clicking Copy DS Record. Or alternatively, you can copy just the Digest by clicking the Copy Digest icon.

If you are still unclear about the process of adding DS record information at your Domain’s registrar, contact your ITM account representative or visit your registrar’s website for support.

Step 3 (optional)

Generate more Signing Keys

More signing keys can be generated by clicking the + Add Signing Key button.

An extra Signing Key can be helpful when your current Signing Key is nearing its expiry date. Signing can be enabled simultaneously for multiple signing keys.

Note: A Signing Key is valid for 365 days from the date of creation. Customers are responsible for manually generating a new Signing Key and enabling it for signing, before the current signing key expires. Customers must then add the new DS Record information at their domain registrar. This ensures a smooth transition when key rollovers are done.

TSIG Keys

TSIG keys provide an extra level of security for sharing information between a primary and secondary server. The key’s secret must be available on both servers (primary and secondary) in order for a successful handshake to take place.

To generate and manage TSIG keys, do the following:

From the left navigation menu, choose Predictive DNS.

Click TSIG Key Management.

The TSIG Key Management page opens.

Click the add icon on the top right of the page.

The Add TSIG Key dialog box opens.

Enter a Name for the TSIG.

Select an algorithm from the list.

For Secret, you have the option to enter any word or sentence in the field. As long as what you enter is 32 characters long (without spaces) and base64 encoded, it is accepted as such. Otherwise, it is hashed according to the algorithm that you select. Note: The secret and algorithm values need to match between the primary and secondary systems. The value of the secret has to be base64 encoded and have a character length of 32 characters. The generate hash button is only there to help generate a hash if one does not exist already.

Click Create to complete the generation of the key. The newly created TSIG is listed on the TSIG Key Management page.

To edit or delete the TSIG key, click the Actions column. Choose Edit to modify or Delete to remove the key.

Edit Zone

Click the name of the zone you want to edit.

The edit drawer opens.

Click the Edit button to make changes to the zone name, description, and tags.

Click Save to save your changes.

Important: Be careful when editing a zone name. Since all records in the zone are effectively suffixed with the zone name, renaming a zone changes every request.

Duplicate Zone

Duplicating a zone means to simply create another zone with information from an existing zone, but with a different zone name.

To duplicate a zone, click the icon in the Actions column.

Choose Duplicate Zone.

The Add Zone dialog box opens with information from the original zone.

Give the zone a new name and change whatever information you need to.

Click Create to complete the process.

A new zone is created with the records and information found in the original zone.

Note: You can change any information within the new zone at your own discretion. But you must change at least the Zone Name to create a duplicate zone. Duplicate zone names are not allowed.

Delete Zone

To delete a zone, click the icon in the Actions column.

Choose Delete Zone.

Click Confirm.

Note: This operation affects the entire zone, including all responses for any record within the zone. This must be done with extreme caution.

Records

After you create a zone for your domain (for example mydomain.com), you can add records to the zone. Each record you add will include a name, a record type, and other information applicable to the record type.
All records within a zone must have the zone’s domain name as a suffix.For example, if mydomain.com is the zone, it can contain records named www.mydomain.com, and www.portal.mydomain.com, but cannot contain a record named www.mydomain.co.in that is, the name of each record is appended with the name of the zone.
Note: When a zone is created, the Name Server (NS) record and Start Of Authority (SOA) record types are automatically created for that zone.

Manage Records

To get to the Records page and manage your records, click Manage Records in the Resource Records column of your Zone. The Records page opens with a list of records under the selected zone. Even if you haven’t created any records yet, you see at least two record types under Resource Records for one or more zones that you created. These are the NS and SOA records that are created by default when you first create your zone.

This page enables you to add, edit, delete, or duplicate records. It also lists the TTL, Record Type, and Response for each subdomain or record.

Add Record

From the Zones page, click Manage Records. This takes you to the Records page.

To add a new record, click the add button on the top right corner of the Records page.

The Add Record dialog box opens.

Name

Enter the name of the record. If you leave this field empty, a record is created at the apex of the zone.For example, if your zone is mydomain.com and you want an A record at the root of this domain, you would specify this as a nameless record in the mydomain.com zone. Some other specifications and vendors refer to this as the @ record.

TTL

Enter a value for TTL.TTL is the amount of time, in seconds, that you want DNS recursive resolvers to cache information about this record. If you specify a longer value (for example, 172,800 seconds, or two days), resolvers will reuse a previous response and send requests to the authoritative DNS server less often. However, this means it takes longer for changes to the record to take effect because recursive resolvers use the values in their cache for longer periods instead of asking for the latest information.

Type

Select the Type of record that you would like to create. For more information on different types of records, refer to the Record Types section.

Response Type

Enter a Response that is appropriate for the value of the record Type. For all types except CNAME, you can enter more than one response value. Enter multiple response values by clicking the add icon. If multiple values are entered, all of the specified responses will be returned for each request of that type and name.

Click Create to add the record. The newly added record propagates out to the DNS servers and be served live when the change is made.

List Records

When you add a new record, it is listed on the Records page. This page lists all the records you created under a specific Zone Name along with the TTL, Record Type, and the Response for that record.

All records on this page belong to a specific zone displayed in the Zone Name list on the top left of the Records page. This list has a list of the zones already created for your company. You can switch to a different zone (and view its own records) by selecting it from the list.

You can also use the Record Type list to filter this list based on record type.

Edit Record

There are two ways to edit records: detailed edit and quick edit. To perform a detailed edit, click record in the list (on the Records page).It opens to show the record details with buttons to edit. Click the Edit button to display record information. Once you’re done editing, click Save, to save your changes.

To use Quick Edit, simply click the edit icon (in the Quick Edit column) for the record you want to edit. You will be able to edit the TTL and the Response for the record. When you’re done editing, click the save (check mark) icon to save your edits or cancel to undo the edits.

Duplicate Record

To duplicate a record click the icon in the Actions column. Choose Duplicate Record. The Add Record dialog box opens with information from the record you want to duplicate. Click Create to create a record with information from the original record. Please note that at least the Record Name or Type must be changed in order for the new record to be created.
Note: SOA records cannot be duplicated.

Delete Record

To delete a record click the icon in the Actions column. Choose Delete Record. This action deletes the record and Predictive DNS will no longer respond to queries for the record. To remove specific responses within a record, use the Quick Edit option

Note: NS and SOA records are default record types and cannot be deleted. These records will be removed only if the zone itself is deleted.

Record Types

NS Record

NS or Name Server records are responsible for delegating a DNS zone to an authoritative server. We create a name server (NS) record that is automatically assigned when you create a zone, for for example, ns1.ourdomain.net and ns2.ourdomain.net. These are the name servers you would configure in your registrar so that DNS queries can be routed to your zone.
These name servers serve to confirm the server set available to service requests for the zone, ensuring that the set of name servers returned in the delegation request, and by the delegated server, match. You can also edit the name servers to ensure they match.

We also enable you to edit name servers that you create so you can point any of your domains to another company’s name servers that may hold your DNS zone and manage your records there.

Note: NS records can be edited but cannot be deleted.

SOA Record

The Start of Authority (SOA) record identifies the authoritative information about the zone. An SOA resource record is created by default when you create your zone. You can modify the record as needed.

Note: SOA records cannot be created by the user but certain parameters can be edited.

MNAME: The the domain name of the primary name server, such as ns1.ourdomain.net in the above example.

RNAME: The email address of the administrator in a format with the @ symbol replaced by a period, such as admin.mydomain.com in the above example.

Serial Number: A revision number to increment when you change the zone file and distribute changes to the DNS servers. An unsigned 32 bit integer, such as 314 in the above example.

Refresh Time: Refresh time in seconds that the DNS servers wait before querying the SOA record to check for changes. An unsigned 32 bit integer time interval in seconds, such as 3600 in the above example.

Retry Interval: The retry interval in seconds that a secondary server waits before retrying a failed zone transfer, such as 600 (10 minutes) in the above example. Normally, the retry time is less than the refresh time.

Expire Time: The expire time in seconds that a secondary server keep trying to complete a zone transfer, such as 604800 (one week) in the above example.

Minimum TTL: The minimum time to live (TTL) in seconds, such as 10 seconds in the above example.

A — IPv4 address

An IP address in IPv4 format, for example, 192.0.2.235.The value for an A record is an IPv4 address in dotted decimal notation.

AAAA — IPv6 address

An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.The value for a AAAA record is an IPv6 address in colon-separated hexadecimal format as specified in RFC 4291/5952 representations.

CNAME — Canonical name

The is the fully qualified domain name (for example, www.mydomain.com) that you want Predictive DNS to return in response to DNS queries for this record. A CNAME value element is the same format as a domain name.

Important: The DNS protocol does not allow you to create a CNAME record for the root of the zone that is we do not allow nameless CNAME records. For example, if your zone is mydomain.com, you cannot create a CNAME record for mydomain.com. However, you can create CNAME records for www.mydomain.com, portal.mydomain.com, and so on.
In addition, if you create a CNAME record for a subdomain, you cannot create any other records for that subdomain.For example, if you create a CNAME record for www.mydomain.com, you cannot create other record types with the name www.mydomain.com.
Note: If a subdomain has an Openmix App record, you cannot have A, AAAA or CNAME records in the same subdomain.

MX — Mail Exchange

This is the record used in routing requests to mail servers. For example: 1 mail.mydomain.com

Each value for an MX record contains two values:

The priority for the mail server which can be any 16 bit integer greater than 0.

The domain name of the mail server.

If you specify multiple servers, the value that you specify for the priority indicates which mail server you want email to be routed to first, second, and so on. For example, if you have two mail servers and you specify values of 1 and 2 for the priority, email always goes to the server with a priority of 1 unless it is unavailable. If you specify values of 1 and 1, email is routed to the two servers approximately equally.

Openmix (A/AAAA/CNAME)

Openmix Application customers can now have their entire record set in the zone (including static records) managed and served by the same set of services. This allows customers to make any of their hosts Openmix intelligent. So, whenever a CNAME is attached to an Openmix app, it is served with the same data-driven, dynamic, fully programmable, capability of Openmix.
For example, you can have multiple web app servers behind an Openmix App for your ‘www’ record and the Openmix app would decide which CNAME to respond with, using its built-in intelligent logic.
Note: An Openmix App can return a CNAME, A, or AAAA record and therefore you cannot simultaneously have an Openmix app with any of these record types using the same name.

PTR — Pointer record

PTR records are used to map an IP to a domain name, primarily for reverse DNS. Properly configured PTR records can be important for security scenarios such as validating the credibility of email senders or the reverse DNS lookup performed in SSH session establishment. A PTR record value has the same format as a domain name. For example, hostname.mydomain.com.

SPF — Sender Policy Framework

An SPF record identifies which mail servers are permitted to send email on behalf of your domain. It starts with v=spf, for example, v=spf1 ip4:192.168.0.1/16-all.

SRV — Service locator

An SRV record is used by voice over IP, instant messaging protocols, service discovery, and other applications. An SRV record value element consists of four space-separated values. The first three values are decimal numbers representing priority, weight, and port. The fourth value is a domain name.
The format of an SRV record is:
[priority] [weight] [port] [domain name]
For example:
1 10 5269 xmpp-server.example.com.

TXT — Text

A text record can contain arbitrary text and can also be used to define machine-readable data, such as security or abuse prevention information. It is also often used for domain ownership verification (for for example you can get a certificate, register third-party tools to operate on behalf of your domain, and so on).
It just needs to contain text, for example, Sample Text Entry.

Predictive Record (A/AAAA/CNAME)

Predictive records provide various configuration options for global traffic management based on real-time service availability. Predictive records allow you to apply routing configuration across address pools and define the behavior individually for different locations, networks, or IPs/CIDR blocks. This service combines failover and round robin routing logic to assure the highest availability, zero downtime, and seamless data-driven traffic management across platforms.

Predictive DNS customers can use the Predictive record type for CNAME, A, or AAAA response types.

As a Predictive DNS customer, when you add records to your zone, select Predictive (A/AAAA/CNAME) from the list of Record Types.

Navigation

Go to the Records page of your zone.

Click the Add Record button on the Records Page. To learn more about adding records, refer to the Add Record section.

The Add Record dialog box opens.

Add Predictive Records

In the Add Record dialog box, enter the following:

Name: Enter a Name for the record. If left empty, the record will automatically have the zone definition. You can also use a single asterisk * as a wildcard in the leftmost part of the name to match requests for all non-existent subdomains. For example, you can use, *, *.example.com, or *.something.example.com. However, *. is invalid, that is, asterisk followed just by a dot is not allowed. We support the wildcard functionality as defined in the RFCs.

TTL: You can leave the default TTL as is, or modify it according to your need. Note: DNS Time to Live (TTL) tells resolvers how long they must keep the decision before asking for updates again. The TTL is used to control the volume of traffic, and also control sensitivity to changes in the data that it acts upon. The default TTL is 20 seconds. If you lower the TTL you get more volume and more real-time DNS queries. However, that may lead to added costs and lower performance (because DNS queries take time on the client). Therefore, it is recommended to not change the default value of 20 seconds.

Fallback: Enter the Fallback response. A valid CNAME, A, AAAA must be specified for Fallback. The fallback is used in the event of a failure in processing of the application. Note: The Fallback response must be a valid CNAME, if the Response Type that you selected in the previous step is CNAME. If the Response Type selected is A, then the fallback response must be a CNAME or an iPV4 address. Alternatively, if the Response Type selected is AAAA, then the fallback response must be a CNAME or an iPV6 address.

Click Create and Define Routing.

The Predictive Configuration page opens.

Configuration Steps

The top of this page has the General section that displays what your setup in the Add Record dialog box. It also has optional fields to add Tags or a Description to your Predictive records.

Follow the steps below to configure the record.

Step 1: Choose All Available Platforms

The first step to configuring the predictive record is to choose all the platforms that you want available for different locations, networks, or IPs/CIDR blocks. If you don’t find your platform in the list, you can add it in the Platforms page.

Click Add a Platform on the top right of this section.

Add all the platforms that you want available for routing, including those that need to be added to address pools. You can do this by clicking the Choose a platform field, and selecting platforms individually from the list.

Depending on the Response Type (A, AAAA, or CNAME) that you selected in the Add Record list, enter an IPv4 address, IPv6 address, or CNAME for the platform. You can go back to the General section to edit the Response Type, if necessary.

Once the platform is selected and the Response Type is entered, you can enable or disable the platform by clicking the Enabled toggle button. You can also switch on/off Radar Availability and Sonar with similar toggle buttons.

In the Actions column, choose the check mark icon to save your changes or the cross mark icon to cancel.

Step 2: Add and Define Address Pools

Address Pools

Address pools are a collection of platforms that follow a routing method specified by the user. The purpose of an address pool is to enable you to define logical groups of platforms that can be used with any specific routing method. You can specify Round Robin or Failover routing methods for the platforms to follow within a pool.

You can add any number of platforms in each pool, and any number of pools for each of your geographic locations. For example, you can have an EU pool (consisting of platforms that predominantly service the EU region), an Asia pool (with platforms in China, India and Singapore), and a US pool (with platforms across the United States).

Note: Address pools are optional. You can have individual platforms instead, and add them to the routing configuration.

Round Robin Routing Method

This type of routing follows a typical Global Server Load-Balancing methodology of round robin, where each CNAME/A/AAAA alternates being returned to end-users, as DNS requests are made. For example, if platforms P1, P2 and P3 meet the availability threshold —the first request is routed to P1, second to P2, third to P3, fourth to P1 again, and so on. You can also assign Weights for the prioritization and selection of each platform globally and/or by market or country.

Failover Routing Method

This routing method supports a simple routing logic where a platform is chosen based on its place in line, and its availability threshold. You can create a failover chain that decides which platform to select first, second, and so on. This failover chain can be created to work globally and/or for individual markets and countries.

Adding An Address Pool

To add an Address Pool do the following:

Click the Add A Pool button on the top right of the section.

Enter a Name for the pool. The name can be used to identify the purpose of the pool.

Select a Routing Method. You can select either Round Robin or Failover.

Choose a Platform from the list you created in the previous step.

You can add as many platforms to this pool as required, by clicking the Add a Platform button.

For each Platform that you choose, enter an appropriate Weight. The purpose of weights is to prioritize and select platforms for traffic distribution. The weights you assign to the platforms do not have to add up to 100. They can be any integer between 0 and 1,000,000. These weights when converted to percentage (in the back-end), will add up to a 100%. If all selected platforms are given the same weight, traffic will be evenly distributed across them over time. If you have only one platform, then that one will be used 100% of the time, regardless of the weight you give it.

When done, choose the check mark icon to save your changes or the cross mark icon to cancel.

You can then edit or delete your platform selection by choosing the appropriate icons in the Actions column.

Step 3: Configure Failover

Failover applies to the entire set of address pools and/or individual platforms. It supports a simple validation method where an individual platform or pool is evaluated for routing based on the following criteria:

Location, network, and/or IP/CIDR. At least one of these criteria needs to be specified.

Sonar and Radar Availability if configured, and

Place in line

Failover For Predictive Records

The Predictive record evaluates the first configuration block for the required criteria (location, network, and/or IPs). If the first routing configuration block does not meet the required criteria, it moves on to the second one in line and so on.

The configuration block that meets all the required criteria, is chosen for traffic distribution.

Within the chosen configuration block, the address pools or platforms are evaluated based on their place in line and availability threshold (Radar and Sonar).

The first platform within the address pool (or outside it) that meets the availability threshold, is selected for traffic distribution. Round Robin or Failover routing logic then comes into play.

Note: If there is only one platform in the pool, that platform is selected 100% of the time, and round robin logic will not apply to it.

As a user, you can arrange the routing configuration blocks in such a way that the one with the highest priority comes first in line and so on. The reordering can be done manually by dragging each pool or platform to where it needs to be in the line.

Default Configuration

You are required to have at least one platform or pool in the default routing configuration block. It must contain one or more platforms or pools that the Predictive record will use if all other options fail to match the specified criteria. The default does not have any criteria to specify and it matches all requests. If the platform availability does not meet the Radar Availability threshold, then the response returns fallback.

Steps to Configure Failover

You can leave the default TTL as is, or modify it according to your need.

Make sure that Radar Availability is checked. You can set radar availability threshold to your desired level. Unchecking this disables Radar for the set of pools or platforms.

Select Locations, Networks, and/or IP/CIDR. For example, if your routing configuration applies to the Oceania region, you can specify locations, networks, and /or IP addresses of platforms or pools in this region.

The Failover Configuration field allows you to set the selection precedence for all the pools and platforms. The order in which you place these pools or platforms, will determine their selection for routing. And traffic will be routed based on the method specified (round robin or failover) in the previous step.

To delete a configuration block, click the trash icon beside the Name field.

DNS Reports

DNS reports provide powerful visibility into the volume of DNS requests based on various criteria for a specified domain or host name.They show how often specific record types are queried and provide a whole different level of drill down. This degree of granularity enables Predictive DNS users to understand trends and query volumes for specific zones, host names, request types, markets, countries, regions, states, and networks.

These reports are primarily used for better visibility and analysis.They give traffic flows for each zone or host name and help diagnose DNS related issues.They also reveal anomalies such as spikes in requests or other irregularities, by breaking down the volume of requests by record types and geographic locations.

You can also filter unnecessary noise by knowing which zones serve the most traffic, and focus only on the zones or record types that you care about.

DNS vs. Openmix Reporting

For Openmix customers, reports appear within DNS reporting and within Openmix decision reports. DNS reporting provides information on requests made to our authoritative zones, while Openmix provides reports on when the Openmix intelligent platform was used to fulfill a request, either through an Openmix application record or directly to an Openmix CNAME.

Navigation

To navigate to the DNS Report section:

Click Predictive DNS in the left navigation menu.

Navigate to DNS Report.

The DNS Report page opens.

Apply Filters

The Apply Filters panel on the right helps you select and view only the data that you want displayed on the report.
You can filter based on the following:

Zone – Select one or more zones to include.

Resource – Select one or more host names to include.

DNS Request Type – Select one or more DNS request types to include.

Location – Select one or more geographic locations (Market, Region, State, or Network) to include.

Primary Dimension

Primary dimensions are selected through lists above the chart. You can use this as a powerful pivot on the report.

Summary

The Summary gives you the total number of requests with the complete set of the filters applied.

Filter by Preset Time Ranges

Relative preset time ranges can be chosen as an extra filter to further refine the reporting.

Bookmarking Reports

Once you generate a report based on the filter criteria, you can save the filters applied by bookmarking the report. Every time you visit this bookmark, an updated report is generated based on all the selected filters.
To bookmark a report do the following:

Click the bookmark icon on the top-right of the page.

In the Add New Bookmark dialog box, give an appropriate name to the bookmark and click Create.

A new bookmark is now created. You can access the bookmark by clicking the bookmark icon (on the top-right corner of every report page) and selecting the bookmark.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.